Share
The announcement of epidemic measures related to access to public places via the European Green Certificate was accompanied by malicious acts such as denial-of-service (DDoS) attacks against the infrastructure serving the National Health Information System (NHIS). Within 24 hours a huge amount of traffic was directed to the portal. At peak times the malicious traffic exceeding 400 Gbps. This enforced implementation of more aggressive measures to contain the malicious traffic and use of specialized analytics and countermeasures infrastructure, which began to restore the services provided. No attempts to breach and interfere with the system and leak user data were reported.
Information Services has specialized and effective means to counter such malicious actions, which enabled issuance of green certificates to continue despite some delays. In the first hours after the announcement of the measures on October 20th 2021, a record number of green certificates were issued and downloaded from the system - over 106,000. Until 3:00 pm today more than 64 000 certificates have been downloaded. The system is currently issuing over 15 000 documents per hour.
The sources of the malicious traffic that attempt to disrupt the normal functioning of the system are infected computers and Internet-connected devices all around the world:
The information security level in Bulgaria is not at the required level, and therefore malicious traffic is observed from the addresses of many legitimate users – such as hospitals, vaccination points, general practitioners and individual users to the NHIS. This requires a temporary restriction and then gradual inclusion in the system.
Information Services` teams continue working actively to ensure the NHIS and all services supported by the company availability, as well as to identify and neutralize the sources of threats.
"Information Services apologizes to all the medical professionals and citizens who have had a particular difficulty using the National Health Information System and thanks our technology partners for their assistance in neutralizing malicious actions.